CVE-2014-0228

CWE-284 — Improper Access Control4 documents4 sources

Severity

3.5LOW

EPSS

0.3%

top 44.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Hive

Timeline

PublishedNov 16

Latest updateNov 21

Description

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages4 packages

▶Mavenorg.apache.hive:hive< 0.13.1

▶Mavenorg.apache.hive:hive-exec< 0.13.1

▶Mavenorg.apache.hive:hive-service< 0.13.1

▶NVDapache/hive0.13.0

🔴Vulnerability Details

OSV

Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service↗2018-11-21

▶

GHSA

Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service↗2018-11-21

▶

CVEList

CVE-2014-0228: Apache Hive before 0↗2014-11-16

▶